Methods and apparatus for including a confidential structural component in a third party remote product simulation

ABSTRACT

A method of allowing inclusion of a structural component which is the confidential property of an owner in a third party remote product simulation, the method comprising, in owner modelling software: importing a component model including geometry of the component, mesh data and at least one material property of the component; encrypting a secure part of the component model which is to remain confidential to the owner using a software key, and leaving an interface part of the component model unencrypted; adding a restriction to the component model before the component model is exported, the restriction specifying simulation result data which is not to be visible to the third party; and exporting the partially encrypted component model to the third party for use in third party modelling software.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of European Application No.14150225.2, filed Jan. 6, 2014, the disclosure of which is incorporatedherein by reference.

BACKGROUND

1. Field

The present invention relates to numerical simulation in multiplecomponent products. Numerical simulation technologies exist, includingstructural analysis, which determines the effects of loads on physicalstructures and their components, computational fluid dynamics (CFD),which is used to analyze and solve problems involving fluid flow andpotentially heat flow; and electromagnetic/magnetic field analysis whichmaps fields and their effects across components and structures forexample to approximate surface currents and interior fields arising incomplex electronic objects.

2. Description of the Related Art

These types of simulations are a subset of Computed Aided Engineering(CAE), which is the use of computer software for the purpose of modelingand simulating the behavior of products in order to improve theirquality.

The invention particularly relates to the field of numerical simulationswhich involve models of products composed of separately sourcedcomponents. The models are usually three dimensional but may also be twodimensional. A typical application is CFD, structural or electromagneticfield simulation of any scale, from data centers to servers in mobilecommunication devices or LSI (large scale integration) circuits, inwhich the model usually consists of many components and in which animportant property such as electromagnetic field density or temperaturemay be varied according to the component chosen and/or its placement.

Numerical simulation has become a crucial step in the design andmanufacture of many industrial products and facilities. Results obtainedfrom numerical simulations may be used to increase the quality andreliability of products by optimizing the components placed within theproduct, or on a larger scale, within a data centre or room within adata centre.

The flow of a traditional simulation process is as follows, using CFD asan example. First, a CAD model of the system to be simulated is createdor obtained. Before the simulation can be performed, the model has toundergo pre-processing, in which a mesh of the model is created and thenboundary conditions and material properties are set. In meshing, thegeometry is partitioned (meshed) by a mesher into a very large number ofelements, to form a mesh. The mesh, accompanied by the boundaryconditions, is subsequently sent to a solver which uses standardnumerical techniques, like the finite element method, or, more usually,the finite volume method to compute the effect (in this case fluidbehavior and properties) of the boundary conditions on the system, usingindividual calculations for each element.

Other common numerical techniques are the finite difference method andthe boundary element method. FIGS. 1 a to 1 c show different kind ofmesh data for different numerical methods. Figure la illustrates a nodeand element data structure for a tri-mesh finite element method; FIG. 1b shows the equivalent quad-mesh data structure; and FIG. 1 c a2-dimensional finite difference grid structure. The data structurecontains position information about the mesh/gridelements/nodes/intersections. Each grid/mesh is constructed to suit theshape of the component being modeled. For complex geometries with manycomponents, the meshing stage is particularly difficult both from acomputational point of view and because in many instances it involvesmanual work.

After the pre-processing stage has been completed, the CFD solvermentioned above executes a simulation/modeling stage which solves thenumerical equations, generally using an iterative technique to obtainthe results of the simulation. The process ends with a post-processingstage, in which the results are visualized and analyzed.

Related art methods aim to address the computing and/or user input timerequired to simulate complex CFD models, in particular for models thatare a combination of a number of components. These methods include usingcomponents, whose properties including their component geometry,modeling properties needed for simulation, and individual mesh are knownand combining them in a desired configuration to make up a CFD model ofa product. This allows the components to be meshed only once and thenplaced within a range of products, by simple selection and positioningof pre-meshed components.

It is desirable to make this use of pre-meshed components more widelyavailable.

SUMMARY

Additional aspects and/or advantages will be set forth in part in thedescription which follows and, in part, will be apparent from thedescription, or may be learned by practice of the invention.

According to embodiments of a first aspect of the invention there isprovided a method of allowing inclusion of a structural component whichis the confidential property of an owner in a third party remote productsimulation, the method comprising, in owner modeling software: importinga component model including geometry of the component, mesh data and atleast one material property of the component; encrypting a secure partof the component model which is to remain confidential to the ownerusing a software key, and leaving an interface part of the componentmodel unencrypted; adding a restriction to the component model beforethe component model is exported, the restriction specifying simulationresult data which is not to be visible to the third party; and exportingthe partially encrypted component model to the third party for use inthird party modeling software.

The inventors have realized that there may be some barriers in usingpre-meshed component models in a commercial situation in which aproprietary component is to be inserted into a third party product andthe proprietary component still has at least some confidentialcharacteristics. For example, a heat sink may be owned by a manufacturecompany who does not wish to disclose the material and/or shape of theheat sink until just before release. However customers of the heat sinkdesign and manufacturer will wish to check the cooling effects of newproducts incorporating the heat sink as soon as possible. A similarexample is in antenna design.

Invention embodiments allow cooperation between the owner of thecomponent and a third party organization in that the owner can provide apre-meshed model to the third party, which model is however encrypted toretain confidential information and restricted (concealed) to allowsimulation data to remain invisible to the third party.

For example, the restricted simulation data may be all the data relatedto the simulation in the volume occupied by the component or thatdetailed data which might reveal the shape or material of the componentto be derived. Other data, such as more general data (e.g. atemperature) and/or data outside of the proprietary component in themodel may be visible to the third party. A default restriction of allthe data may be applied, unless the owner chooses another restrictionoption.

Thus this aspect of the invention, which relates to a method in an ownerorganization, relates to importation of the component model (that is itsintroduction into the software or the part of the software that carriesout the method steps). The component model includes at least thegeometry of the component, mesh data (for example in the form of a gridor a node/element structure) and at least one material property of thecomponent that is relevant for modeling. The component model is notcompletely encrypted, rather a secure part thereof which is to remainconfidential is encrypted and an interface part for incorporation of themodel within the product model is unencrypted.

A restriction is added to the component model either before or afterencryption or in parallel with the encryption, the restrictionspecifying simulation result data which is not to be visible to thethird party. Finally the partially encrypted component model includingthe restriction is exported to the third party, for example on disc orover the internet.

According to embodiments of a second aspect which relates to methodsteps in the third party organization, there is provided a method ofincluding a structural component which is the confidential property ofan owner in a third party product simulation, the method comprising (inthe third party modeling software): importing a partially encryptedcomponent model including geometry of the component, mesh data, at leastone material property of the component, and a restriction specifyingsimulation result data which is not to be visible to the third party,wherein the partially encrypted component model includes a secure partencrypted using a software key, and an unencrypted interface part;inserting the component model within the product model using theunencrypted interface part of the component mode; decrypting the securepart of the partially encrypted component model; executing thesimulation; and applying the restriction.

In the third party modeling software, the partially encrypted model isimported and then inserted using the unencrypted interface part withinthe product model. Then the secure part of the partially encryptedcomponent model is decrypted. Alternatively, the component model may bedecrypted before insertion. Decryption within the modeling software inthe third party which corresponds to the owner modeling software allowsthe information to stay confidential within the software itself and notbe released to the third party. After the simulation is executed, (orbefore or during execution) the restriction is applied, for example sothat results which could allow unwanted disclosure of properties of thecomponent remain confidential.

One important benefit of invention embodiments is that it is possible tocarry out simulation and enhance cooperation between two organizationseven if a component includes confidential information and there wouldotherwise be reluctance to provide it to a third party for a simulation,which is however required often at a fairly early stage of design of anew product.

Confidentiality is maintained in that not only can a desired part of thecomponent model be encrypted but a restriction can be added to specifysimulation result data which is not to be visible to the third party.

Any suitable design and or manufacturing steps may be taken aftersimulation and as a consequence of the simulation results. For example,a different component may be used and/or the component position allowed,so that the final product is altered.

The methods in both the owner and third party organizations may berelated to a physical property-based 3-dimensional numerical simulation.Examples of such simulations include computational fluid dynamicsimulations, structural analysis and field analysis simulations, such aselectromagnetic field analysis. Any or all of these simulations areuseful in assessing what structural component should be included in aproduct and in what position. The term structural as used herein issimply intended to include 3-dimensional physical elements, and does notrelate to any particular load-bearing function.

In preferred embodiments, an interface part of the component model isunencrypted. This interface part may include geometry data, for examplerelated to the physical relationship of the component model to one ormore other components of the product, which may be useful forpositioning of the component model. The interface part may be userdefined in dependence upon the circumstances of inclusion of thecomponent within the third party product, for example to providefeatures of one face of the component fully or partially. Alternativelyor additionally, the interface part may include geometry data related topositioning features of the component specifically provided for locatingthe component within an overall product.

The component model includes geometry of the component (for example inthe form of CAD data), mesh data (for example in the form of data in anode and element data structure or in the form of a grid data structure)and at least one material property of the component (for example heatcapacity, electrical conductivity, mass density, thermal conductivityetc). Preferably, the component model also includes simulationparameters, such as any of the boundary condition, a time step and acontact condition (e.g., thermal resistance between two parts which arein contact with each other). Boundary conditions may include intake andexit conditions, pressure conditions, symmetry conditions, physicalboundary conditions etc, all related to the mesh or grid used.

A software key is used for the encryption and this is preferablyspecific to the modeling software and not known to the third party. Thisreserves the confidential data within the software itself. For enhancedsecurity, the software key may be also not known to the owner. This canallow the same methodology key to be used for transfer of components formodeling in both directions.

For improved security, an additional key may be used. In one embodiment,the secure part is encrypted using both the software key and a user key,wherein the user key is preferably a public key belonging to the thirdparty, for use in decryption with a corresponding private key. Thisknown public/private key functionality adds a further layer of security.

The restricted simulation result data may be any data which if revealedto the third party could allow derivation of confidential componentproperties. Thus the restriction may apply to detailed data and thedetailed data be used to give an overall (and non-restricted) outcomewhich is sufficient for simulation but does not reveal for example theconstruction of the component. Additionally or alternatively, theresults of the simulation may be restricted so that results directly in,on or around the component are not visible whereas results in the restof the model can be freely viewed. The skilled reader will appreciatethat the restricted results may be completely deleted or may beencrypted rather than deleted. The encryption can be of advantage, iffor example the results may be used to restart a simulation after aninterruption and deletion would otherwise have led to the completesimulation being carried out again.

The restriction or deletion step can take place after execution of thesimulation or during execution of the simulation, depending on thecircumstances.

Preferably, a graphical user interface (GUI) displays the simulationresults except the restricted simulation results.

Some extra measures may be taken to allow positioning of the componentmodel within the product model. In one preferred embodiment, the thirdparty modeling software detects a collision between the component modeland one or more other parts of the product model based on the interfacepart, and highlights the collision to a user via a GUI. This can allowthe user to manually position the component model.

To help the user, the GUI may have additional functionality indicatingwhere the component model may be placed. For example, the third partymodeling software and GUI may create and display a boundary box of thecomponent model. The boundary box may be created after the secure partof the partially encrypted component model has been decrypted, forexample by using the maximum length in the three perpendicular axes ordimensions of the component to produce a cuboid. This functionality maybe in addition to the interface part. When the component is insertedinto the product, the nearest face of the boundary box to a collisionwith another part of the product model may be highlighted.

Preferably, the area in which the component model can be included in theproduct model without collision is shown in a GUI, for example using theabove boundary box methodology and/or by marking the edges of the area(or areas) in the GUI.

Embodiments of invention also extend to the apparatus equivalent of themethod in the owner organization and in the third party organization.The apparatus at the owner or the third party organization or both mayinclude functionality to carry out both the encryption method and thedecryption and simulation method, so that it can also carry out theother role (owner/third party) for example for a different component andproduct combination. However, the apparatus functionality is describedseparately by role below, for simplicity.

Thus in an embodiment of a further aspect related to the owner role,there is provided an apparatus arranged to allow inclusion of astructural component which is the confidential property of an owner in athird party remote product simulation, the apparatus comprising: animporter operable to import a component model including geometry of thecomponent, mesh data and at least one material property of thecomponent; an encrypter operable to encrypt a secure part of thecomponent model which is to remain confidential to the owner using asoftware key, and to leave an interface part of the component modelunencrypted; a restricter operable to add a restriction to the componentmodel, the restriction specifying simulation result data which is not tobe visible to the third party; and an exporter operable to export thepartially encrypted component model to the third party for use in thirdparty modeling software.

In an embodiment of a final aspect related to the third partyorganization, there is provided an apparatus arranged to include astructural component which is the confidential property of an owner in athird party product simulation, the apparatus comprising: an importeroperable to import a partially encrypted component model includinggeometry of the component, mesh data, at least one material property ofthe component, and a restriction specifying simulation result data whichis not to be visible to the third party, wherein the partially encryptedcomponent model includes a secure part encrypted using a software key,and an unencrypted interface part; an insertion tool operable to insertthe component model within the product model using the unencryptedinterface part of the component mode; a decrypter operable to decryptthe secure part of the partially encrypted component model; and asimulator operable to execute the simulation and apply the restriction.

The invention also provides a computer program or a computer programproduct for carrying out any of the methods described herein, and acomputer readable medium having stored thereon a program for carryingout any of the methods described herein.

The reader will appreciate that the invention can be implemented indigital electronic circuitry, or in computer hardware, firmware,software, or in combinations of them. The invention can be implementedas a computer program or computer program product, i.e., a computerprogram tangibly embodied in an information carrier, e.g., in amachine-readable storage device or in a propagated signal, for executionby, or to control the operation of, one or more hardware modules. Acomputer program can be in the form of a stand-alone program, a computerprogram portion or more than one computer program and can be written inany form of programming language, including compiled or interpretedlanguages, and it can be deployed in any form, including as astand-alone program or as a module, component, subroutine, or other unitsuitable for use in a data processing environment. A computer programcan be deployed to be executed on one module or on multiple modules atone site or distributed across multiple sites, for example of the ownerorganization and at the third party organization, interconnected by acommunication network.

Method steps of the invention can be performed by one or moreprogrammable processors executing a computer program to performfunctions of the invention by operating on input data and generatingoutput. Apparatus of the invention can be implemented as programmedhardware or as special purpose logic circuitry, including e.g., an FPGA(field programmable gate array) or an ASIC (application-specificintegrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only memory ora random access memory or both. The essential elements of a computer area processor for executing instructions coupled to one or more memorydevices for storing instructions and data.

Test scripts and script objects can be created in a variety of computerlanguages. Representing test scripts and script objects in a platformindependent language, e.g., Extensible Markup Language (XML), allows oneto provide test scripts that can be used on different types of computerplatforms.

The invention is described in terms of particular embodiments. Otherembodiments are within the scope of the following claims. For example,the steps of the invention can be performed in a different order andstill achieve desirable results. Thus in one embodiment the restrictionat the owner side may be added before the component model is importedinto the relevant part of the modeling software, or take place afterimportation but before encryption. Equally, in the third party,decryption can take place before insertion of the component and therestriction can be applied at any suitable time.

An apparatus according to preferred embodiments of the present inventioncan comprise any combination of the method aspects and vice versa.Methods according to the method embodiments can be described ascomputer-implemented in that they require processing and memorycapability.

The apparatus according to preferred embodiments is described asoperable to (configured or arranged to) carry out certain functions.This configuration or arrangement could be by use of hardware ormiddleware or any other suitable system. In preferred embodiments, theconfiguration or arrangement is by software. In general the hardwarementioned may comprise the elements listed as being to provide thefunctions defined. Elements of the invention have been described usingfunctional terms such as “importer” and “encrypter”. The skilled personwill appreciate that such terms and their equivalents may refer to partsof the hardware system that are spatially separate but combine to servethe function defined. Equally, the same physical parts of the hardwaremay provide two or more of the functions defined. For example,separately defined elements may be implemented using the same memoryand/or processor as appropriate.

BRIEF DESCRIPTION OF THE DRAWINGS

These and/or other aspects and advantages will become apparent and morereadily appreciated from the following description of the embodiments,taken in conjunction with the accompanying drawings of which:

FIG. 1 a shows mesh data for a tri-mesh used in a finite element method;

FIG. 1 b shows mesh data for a quad mesh used in a finite elementmethod;

FIG. 1 c shows mesh data in a 2D finite difference method;

FIG. 2 shows the creation of an analysis model;

FIG. 3 is a flow chart of a method of creating a 3D simulation using acomponent from another party;

FIG. 4 is a flow chart showing a general embodiment of a method in theowner software;

FIG. 5 is a flow chart showing a general embodiment of a method in thethird party software;

FIG. 6 is a schematic representation showing a general embodiment of theowner apparatus;

FIG. 7 is a schematic representation showing a general embodiment of thethird party apparatus;

FIG. 8 is the flow of the encryption process inside the owner software;

FIG. 9 is an example of the encryption of geometry;

FIG. 10 shows the assembly of an encrypted part model to a part modelwhich is not encrypted;

FIG. 11 shows a part model assembly;

FIG. 12 shows a flow chart to create a simulation model using partencryption according to a general embodiment;

FIG. 13 shows assembly check functionality in the third party modelingsoftware;

FIG. 14 shows a flow chart of deletion of simulation results;

FIG. 15 shows examples of heat sinks;

FIG. 16 shows a normal analysis model of heat sinks and an encryptedpart model analysis;

FIG. 17 is a diagram of a chip antenna; and

FIG. 18 is a comparison of a normal analysis model and an analysis modelusing an encrypted part.

DETAILED DESCRIPTION

Reference will now be made in detail to the embodiments, examples ofwhich are illustrated in the accompanying drawings, wherein likereference numerals refer to the like elements throughout. Theembodiments are described below to explain the present invention byreferring to the figures.

FIG. 2 shows the idea of using a model of database parts for inclusionin a 3-dimensional simulation model used, in this case, for 3Dstructural analysis or 3D CFD. In this illustration, individualcomponents (or parts) are stored both separately, and grouped togetherto form a product.

Recently, 3-dimensional (3-D) numerical simulation technologies (such asstructural, or field analysis or computational fluid dynamics (CFD))have become widely used in product development. When a 3-D simulationmodel is prepared, the part (or component) models can be re-used, asexplained previously. The 3-D simulation model may contain all the dataused to perform analysis (e.g. mesh data, material properties, boundaryconditions setting parameters for software, which may involve anotherparty's confidential materials) for all the parts in a given product.Each part model thus includes the same types of data (geometrical data,mesh data, material property, and parameters for simulation etc). Anoperator chooses parts from one or more databases, and a 3-D simulationmodel is created to assemble them.

Subsequently, simulation software creates numerical data (e.g. matrixand vector data) using this 3-D simulation data and numerical simulationis performed. When the numerical simulation finishes, the operator canobtains the result of structural analysis, field analysis and/or CFD asshown in FIG. 2.

The inventors hypothesize that with a free transfer of information, whenan operator, who belongs to an organization that is called “Party A” (athird party), wants to use some part model which belongs to anotherorganization that is called “Party B” (the owner), this operatorrequests Party B to send the part model. But in many cases, the partmodel includes confidential information (e.g. shape of part, materialproperty etc), therefore Party B cannot send this part model to anotherparty. Then Party A's operator cannot obtain Party B's part model andcannot execute a 3-D simulation including the component.

Invention embodiments propose the so-called “Encrypted part model”approach, which is 3-D simulation software that has encrypted andnon-encrypted functionality for use at the third party and ownerorganizations. This software package can encrypt and decrypt partmodels, as explained in more detailed hereinafter. Additionally, anencrypted part model may be decrypted only by this software. When thepart model is encrypted by this software, Party B (the owner) can sendthe encrypted part model to Party A with confidentiality maintained.

FIG. 3 shows the scenario without encryption. When a 3-D simulationmodel is created to perform structural or field analysis and/or CFD,some part models are assembled. These part models are obtained from notonly the simulator's own organization but also from anotherorganizations. FIG. 3 shows a flow chart method to create a 3-Dsimulation model. Party A (third party) wants to insert Party B's partmodel, which proprietary model is called X, into Party A's 3-Dsimulation model (as shown in the right hand graphic). First, Party Arequests Party B to send part model X. If Party A obtains X from PartyB, Party A can input X to software and create a 3-D simulation modelcompletely, which includes X. After that, the 3-D simulation softwarecreates analysis data and performs numerical simulation.

In FIG. 3, if X includes some confidential data belonging to owner B andB thus cannot disclose X, A cannot create a simulation model completely.However, if A cannot know the contents of X and yet can still performnumerical simulation, then B can give X to A for use in simulation.

Invention embodiments allow this distribution of a part model betweenindividual organizations with confidentiality maintained. The mainapplication is 3-dimensional simulation software which is used in thedevelopment of manufacturing products.

Invention embodiments use the general methodology as shown in FIGS. 4and 5. FIG. 4 shows a process in an owner organisation. In step S10 acomponent model is imported, for example into the modelling software, orinto the relevant part of the modelling software. In step S20 a securepart of the component is encrypted, for instance to safeguard aconfidential shape, material or other property of the model and aninterface part of the model is left unencrypted. In step S30 the resultsof a simulation performed on the component model are restricted so thatsome information is not visible to any third party carrying out such asimulation. In step S40 the partially encrypted model (including thesecure part, the interface part and the restriction) is exported. Thusthere are two elements of security: firstly encryption preferably usinga software key and secondly restriction of results of simulation.

FIG. 5 shows the corresponding decryption method and simulation in athird party company. In step S50 the partially encrypted model of thecomponent is imported into the software. In step S60 the component modelis inserted into a product model. In step S70 the secure part of thecomponent is decrypted and in step S80 the simulation is executed. Instep S90 the restriction is applied. Thus the result of the simulationincludes the component within the model but still protects proprietaryinformation belonging to the owner of the component.

Of course the third party product simulation may include more than oneencrypted model component as necessary for design of the productconcerned. The key shown in FIGS. 4 and 5 is a software key whichbelongs to the modelling software installed at the owner and at thethird party. In a different scenario, the roles of these twoorganisations may be reversed. Thus the same organisation can take bothroles, but not for the same simulation.

FIG. 6 shows the structure of an apparatus in the owner organisation.The structure is shown in terms of functional blocks within an apparatuswhich is embodied as a computer. Importer 10 imports the componentmodel; encrypter 20 encrypts the secure part but not the interface partof the component model. Restricter 30 adds a restriction to thesimulation result data visible to the third party and exporter 40exports the partially encrypted component model including therestriction. Similarly, FIG. 7 shows the third party apparatus with acorresponding decryption and a modelling functionality. The importerimports the partially encrypted component model including therestriction. Insertion tool 60 inserts the component model within theproduct model with help from the interface part for positioning.Decrypter 70 decrypts the secure part within the software only in orderto run the simulation. Simulator 80 is able to execute the simulationand apply the restriction. Finally GUI 90 may be used for showing theresults of the simulation, as well as for input by the operator.

Invention embodiments make it possible to distribute a part model withconfidentiality maintained. A party can create 3-D simulation modelusing another party's component without getting to know the confidentialinformation which is included in the component.

The strategy used is that 3-D simulation software (for example forstructural analysis, EMF field analysis or CFD) has encrypted andun-encrypted functionalities. Also, some information about a part model(such as a geometrical shape) can be guessed from a result of 3-Dsimulation. Therefore, it is necessary to conceal some results. The 3-Dsimulation software of invention embodiments can have the followingfeatures.

-   -   1. The 3-D simulation model is made by assembling components in        the software. The 3-D simulation software, which executes        structure and/or field analysis and/or CFD, can include        functionalities to encrypt a part model and to decrypt it.    -   2. This software (at the owner and at the third party sites) has        its own key which is used to encrypt and decrypt part model.        Therefore, only this software can decrypt a part model which is        encrypted by this software.    -   3. In addition to the software's own key, another key which is        defined by a user can be used to encrypt the part model. If a        user wishes to use such a key, it is possible to use a public        key cryptosystem.    -   4. The full information made by decrypting the part model is not        outputted to a file and/or a monitor and is used only inside        this software. Therefore, a user cannot see the information of        an encrypted part model.    -   5. When a user places an encrypted model in a 3-D simulation        model, the user needs information as to where it should be        placed in the 3-D simulation model. Therefore, the person who        creates the encrypted part model can select some geometries to        clarify the relation between other parts (e.g. a face which is        glued another part, screw holes, pins etc.). Some selected        geometries are thus unencrypted and recognized (seen) in the 3-D        simulation software.    -   6. When an encrypted part model is assembled into a 3-D        simulation model, a user cannot notice its (full) geometry.        Because of this, the user cannot check whether the position of        actual 3-D geometry, which is included in the encrypted part        model, is suitable. Especially, it is necessary to check the        relation between geometries, for example collision between        parts, rather than connection to other solid connection or        contact to other parts is allowed, but not collision, which        would effectively represent overlap of two solid parts.        Therefore, this 3-D simulation software has functionality to        check the relation between geometries (FIG. 8).    -   7. Some results which are obtained from the simulation are        deleted automatically. The data type (e.g. temperature, flux        velocity, stress, etc) which must be deleted can be specified in        the part model by user. The deleted region may be the area of        encrypted model area. Alternatively, encryption may be used        rather than deletion, for example so that files can be restarted        in transient simulation.

Possible benefits of the approach of invention embodiments are:

-   -   1. A third party can create a simulation model using an        encrypted part model without getting know the contents of the        part model. Therefore, using this approach, a part model is        distributed with confidentiality maintained.    -   2. An owner of a confidential component may provide a part model        to another party even if confidential data is included in the        part model.

DETAILED EXAMPLE

For a clear explanation, the following assumptions are made:

-   -   One party is called A (the third party)    -   Another party is called B (the owner)    -   B has a part model called X.    -   The encrypted version of the part model X (which B encrypts) is        called Z.    -   A wants to use X in A's simulation model    -   X includes confidential information. Therefore, the owner B        cannot disclose the contents of X.    -   3-D simulation software which has encrypted and unencrypted        functionalities as mentioned in the previous section is called        S.

(1). Encryption Phase

Party B (the owner of the component or part model) receives the requestto use part model X in a product. However, Party B cannot disclose thedesign data and simulation data of X. Therefore, Party B encrypts partmodel X using Software S. When Software S encrypts X to form Z, SoftwareS uses its own internal key (K-I). Party A cannot know the informationof Z. Only Software S can understand Z. In order to improve security,Software S can use the RSA methodology, in which, in addition to K-I, Buses A's public key K-PA to encrypt part model X.

FIG. 8 shows the process inside party B (the owner) in detail. Therequest is received from A, the third party modeller, in step S100 andthe remaining steps take place within the modelling software S. Firstly,the part model X is imported in step S110. In this embodiment the partmodel X already includes the restriction of the type of result datawhich is deleted after simulation as well as geometry, mesh data andmaterial property data. Thus the part model may already include therestriction at the importation stage. In step S120 part model “X” isencrypted using the public key of A as well as the software internalkey. Subsequently the encrypted file “Z” is exported to party A in stepS130.

When A places encrypted model in its own 3-D simulation model, A needsinformation about where A should place the component in the 3-Dsimulation model. Therefore, B can select some geometries to clarify therelation between the component and one or more other parts (e.g. a facewhich is glued another part, screw holes, pins etc.). Some selectedgeometries hence remain unencrypted and thus are recognized (visible) inthe 3-D simulation software. One example is shown in FIG. 9 which haselements which are not encrypted for clarification of the relation toother parts. In this case, the part has two pin holes and a face whichcontact another part. A can “see” these geometries. Therefore, A canassemble this encrypted part model to A's own 3-D simulation model asshown in FIG. 10. Actually, two geometries are assembled as shown inFIG. 11, which depicts assembly of the encrypted part model (renderedvisible for the purposes of illustration) to a part model which is notencrypted. The user A can only see pin holes and a contact face in theencrypted model. Using this information the user A can assemble thecomponent to another part model.

(2). Decryption Phase

Party A (the third party) receives the encrypted model Z. Party Acreates the simulation model by assembling Z. Software S decrypts Zusing K-I and K-SA. After the decryption, Software S creates analysisdata. Because this process is performed inside Software S, Party Acannot know the content of X. Simulation uses the decrypted part model Xand a result is obtained.

FIG. 12 shows a flow chart to create the simulation model using theencrypted part model.

In step S140 “Z” is received from B. In step S150 the part model “Z” isimported into A's analysis model as shown in the graphic to the rightand assembled into the model in step S160. For the encrypted model, Z isdecrypted in step S170 using A's secret key to decrypt A's public keywith which “Z” was encrypted and further using the software internal keyunknown to A and B. Then analysis data is created in step S180 forinstance to perform the translation from model data to calculation data(e.g., as a set of simultaneous linear equations). The simulation isexecuted in step S190.

Party A cannot see all the geometry of Z. Therefore, A cannot confirmwhether assembly is correct (with reference to collision with anotherpart, not connection to any other parts, which is achieved using theknown interface parts). Thus the 3-D simulation software checks theconnection and relation between geometries, even when the part model isencrypted for external purposes as shown in FIG. 8. When an abnormalconnection is detected, the software reports the information to theuser. For example, the nearest face of a boundary box from the abnormalpoint is highlighted in a GUI. Also, the area in which encrypted partmodel can be assembled is shown.

FIG. 13 shows various check functionalities used in the software atcompany A, the third party modeler. When the encrypted part model withits hidden geometry is placed on a non-encrypted model there may be acollision. This may be reported to the user using a bounding/boundarybox created after the encrypted part model has been decrypted in thesoftware. For example this box may be created by the maximum extent ofthe encrypted part model in the three X, Y and Z axis. As an aside, thedistinction between this bounding box and the dotted outline shown inFIGS. 9 and 10 is that this dotted outline represents the whole of thecomponent model and thus is likely to include an area around the partwhich is meshed so that knowledge is included in the shape of the meshat the boundary between the solid and the fluid.

At the far right of FIG. 13 the GUI is shown highlighting the nearestface of the bounding box to the collision issue. The GUI mayadditionally or alternatively show the area in which the bounding boxcan be assembled onto a non-encrypted part model as shown in the lowerportion of FIG. 13 and indicated by two dashed rectangles.

(3). Post-Processing Phase

In many cases, party A would be able to guess information about X (e.g.its geometrical shape, or material property) using the result of thesimulation (e.g. the temperature profile, flux velocity profile or othercharacteristics). Therefore, some type of data is restricted, forinstance by deletion or encryption. The type of restricted data isdescribed in X and/or Z. Using this information, Software S will deletesuitable data.

FIG. 14 shows a flow chart in which the restricted type of data isdeleted. In step S200, the result is combined with a specification ofdata for deletion from X resulting in the deletion as shown in thegraphic to the right of the diagram. The result is displayed in a GUI,for example with results omitted at X (as shown in the right-handgraphic), including the mesh extending beyond the actual componentstructure.

According to invention embodiments, as a first part model is encrypted,it will become impossible to get to know the contents of this partmodel. However it is possible to carry out simulation. Therefore, evenif the part model has confidential information, one party can providethis part model to another party. Moreover another party can create a3-D simulation model using this part model without getting to know thecontents of the part model (or its confidential data).

Examples of Encrypted Components

A Heat Sink

A heat sink may be used for cooling an LSI circuit. The coolingcapability of the heat sink is dependent on its shape and its material.Therefore, the designer of a heat sink does not wish to disclose thisinformation until just before the release of the heat sink itself.Examples of different shapes of heat sinks are shown in FIG. 15.

Customers for the heat sink will want to evaluate the new component assoon as possible, but the heat sink designer wishes to protect itsconfidential information. In invention embodiments, the confidentialinformation about the heat sink is encrypted; thus the heat sinkdesigner can provide it to a third party product manufacturer withoutconcern. FIG. 16 shows a normal analysis model in which the heat sink ismounted on the LSI. The customer is interested in the temperature of theLSI. The right hand side of FIG. 16 shows an encrypted part model whichstill allows the user to find out the temperature of the LSI but doesnot reveal the shape of the heat sink.

Antenna

FIG. 17 shows some chip antenna shapes. Just like the heat sink example,the antenna capability is dependent on its shape. However the effect ofthe antenna within a product such as a mobile phone is dependent on thecomponents and other configuration details surrounding the antenna.Therefore it is important to predict the actual capability of an antennain situ using three dimensional electromagnetic simulation.

FIG. 18 shows a normal analysis model and an analysis model using theencrypted part model. The chip antenna is mounted on a printed circuitboard and the customer is interested in the electromagnetic field forexample at a distance of three meters from the antenna. This informationis obtainable despite the encryption of the part model.

Although a few embodiments have been shown and described, it would beappreciated by those skilled in the art that changes may be made inthese embodiments without departing from the principles and spirit ofthe invention, the scope of which is defined in the claims and theirequivalents.

What is claimed is:
 1. A method of allowing inclusion of a structuralcomponent which is the confidential property of an owner in a thirdparty remote product simulation, the method comprising, in ownermodelling software: importing a component model including geometry ofthe component, mesh data and at least one material property of thecomponent; encrypting a secure part of the component model which is toremain confidential to the owner using a software key, and leaving aninterface part of the component model unencrypted; adding a restrictionto the component model before the component model is exported, therestriction specifying simulation result data which is not to be visibleto the third party; and exporting the partially encrypted componentmodel to the third party for use in third party modeling software.
 2. Amethod of including a structural component which is the confidentialproperty of an owner in a third party product simulation, the methodcomprising, in the third party modelling software: importing a partiallyencrypted component model including geometry of the component, meshdata, at least one material property of the component, and a restrictionspecifying simulation result data which is not to be visible to thethird party, wherein the partially encrypted component model includes asecure part encrypted using a software key, and an unencrypted interfacepart; inserting the component model within the product model using theunencrypted interface part of the component mode; decrypting the securepart of the partially encrypted component model; executing thesimulation; and applying the restriction.
 3. A method according to claim1, wherein the product simulation is a physical property-basedthree-dimensional numerical simulation, such as a computational fluiddynamics, a structural analysis, or a field analysis simulation.
 4. Amethod according to claim 1, wherein the interface part of the componentmodel includes geometry data, for example related to the physicalrelationship of the component model to one or more other components ofthe product.
 5. A method according to claim 1, wherein the componentmodel includes simulation parameters, such as any of a boundarycondition, a time step and a contact condition.
 6. A method according toclaim 1, wherein the software key is specific to the modelling softwareand not known to the third party and preferably not known to the owner.7. A method according to claim 1, wherein the secure part is encryptedusing both the software key and a user key, wherein the user key ispreferably a public key belonging to the third party, for use indecryption with a corresponding private key.
 8. A method according toclaim 8, wherein the restricted simulation result data which is not tobe visible to the third party includes results of the simulation inand/or around the component model, and preferably wherein the defaultrestriction is all the simulation results of the component model.
 9. Amethod according to claim 2 or any claim dependent thereon, wherein thethird party modelling software deletes or encrypts restricted simulationresult data during or after execution of the simulation, and/or whereina GUI displays the simulation results, except the restricted simulationresults.
 10. A method according to claim 2, wherein the third partymodelling software detects a collision between the component model andone or more other parts of the product model based on the interfacepart, and highlights the collision to a user via a GUI.
 11. A methodaccording to claim 2, wherein the third party modelling software and GUIcreates and displays a bounding box of the component model using thedecrypted secure part, and preferably wherein the nearest face of thebounding box to a collision with one or more other parts of thecomponent model is highlighted.
 12. A method according to claim 2,wherein the area in which the component model can be included in theproduct model without collision is shown on a GUI.
 13. Acomputer-readable non-transitory storage medium tangibly embodying anowner modelling computer program which when executed on a computingapparatus carries out a method of allowing inclusion of a structuralcomponent which is the confidential property of an owner in a thirdparty remote product simulation, the method comprising importing acomponent model including geometry of the component, mesh data and atleast one material property of the component; encrypting a secure partof the component model which is to remain confidential to the ownerusing a software key, and leaving an interface part of the componentmodel unencrypted; adding a restriction to the component model beforethe component model is exported, the restriction specifying simulationresult data which is not to be visible to the third party; and exportingthe partially encrypted component model to the third party for use. 14.A computer-readable non-transitory storage medium tangibly embodying athird party modelling computer program which when executed on acomputing apparatus carries out a method of including a structuralcomponent which is the confidential property of an owner in a thirdparty product simulation, the method comprising, in the importing apartially encrypted component model including geometry of the component,mesh data, at least one material property of the component, and arestriction specifying simulation result data which is not to be visibleto the third party, wherein the partially encrypted component modelincludes a secure part encrypted using a software key, and anunencrypted interface part; inserting the component model within theproduct model using the unencrypted interface part of the componentmode; decrypting the secure part of the partially encrypted componentmodel; executing the simulation; and applying the restriction.
 15. Anapparatus arranged to allow inclusion of a structural component which isthe confidential property of an owner in a third party remote productsimulation, the apparatus comprising: an importer operable to import acomponent model including geometry of the component, mesh data and atleast one material property of the component; an encrypter operable toencrypt a secure part of the component model which is to remainconfidential to the owner using a software key, and to leave aninterface part of the component model unencrypted; a restricter operableto add a restriction to the component model, the restriction specifyingsimulation result data which is not to be visible to the third party andan exporter operable to export the partially encrypted component modelto the third party for use in third party modeling software.
 16. Anapparatus arranged to include a structural component which is theconfidential property of an owner in a third party product simulation,the apparatus comprising: an importer operable to import a partiallyencrypted component model including geometry of the component, meshdata, at least one material property of the component, and a restrictionspecifying simulation result data which is not to be visible to thethird party, wherein the partially encrypted component model includes asecure part encrypted using a software key, and an unencrypted interfacepart; an insertion tool operable to insert the component model withinthe product model using the unencrypted interface part of the componentmode.